Greg Stark <[EMAIL PROTECTED]> writes: > Shachar Shemesh <[EMAIL PROTECTED]> writes: >> Also, if we want greater flexibility in handling these cases in the future, we >> should set up an invite-only list for reporting security bugs,
> A lot of people would be unhappy with that approach. A) they don't know the > people on the invite-only list and have no basis to trust them and B) Often > when a white hat reports the problem the black hats have known about it for > much longer already. Past procedure for sensitive bugs has been for people to send reports to the core committee (pgsql-core at postgresql dot org). If you don't trust us you probably shouldn't be using Postgres ;-) As per other comments, I don't find this bug compelling enough to justify an instant release. Also, the original reporter is still running his analysis tool and has found some other things that might be worth patching. (Again, nothing compelling yet... but ...) I'm inclined to wait a bit longer and see if we can't include some more fixes in 7.4.3. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])